Instagram users are being targeted by a new phishing campaign that baits them into giving away their credentials using fake copyright infringement alerts. The phishing messages are designed to look as close as possible to what official Instagram messages would look like to avoid raising suspicions. The attackers use an insta..gram.copy..right..infringement..appeal[phishing domain].cf sub domain (.CF) for both the interstitial and the phishing landing page which adds to the illusion that the domain is an Instagram one.
Source: https://www.bleepingcomputer.com/news/security/instagram-phishing-attack-baits-with-copyright-infringement-note/